A made-to-order REST layer that exposes your Odoo models over standard HTTP verbs (GET, POST, PUT, DELETE) with JSON or XML payloads, token authentication, and access-rule enforcement. ECOSIRE scopes, builds, installs, and supports it for your exact integration needs. Built to order by ECOSIRE for Odoo 17, 18, 19 — indicative price from $249.00 USD; request a quote for a scoped proposal.

A made-to-order REST layer that exposes your Odoo models over standard HTTP verbs (GET, POST, PUT, DELETE) with JSON or XML payloads, token authentication, and access-rule enforcement. ECOSIRE scopes, builds, installs, and supports it for your exact integration needs.
No payment now. This sends a quote request to our team — we'll follow up by email with pricing and next steps.
Most teams that run Odoo eventually hit the same wall: an external system — a headless storefront, a mobile app, a partner portal, a data pipeline, or a low-code tool — needs to read and write Odoo records over clean, predictable HTTP. Odoo ships with XML-RPC and JSON-RPC endpoints, but those are RPC-shaped, not resource-shaped: every call is a method invocation like execute_kw against res.partner, authentication is a login round-trip that returns a numeric uid, and there is no natural concept of GET /partners/42 or DELETE /orders/17. Integrators end up hand-rolling wrappers, wrestling with search_read domain syntax, and re-implementing the same auth and pagination glue on every project. That work is where budgets and timelines quietly bleed out.
Resource-style routing that maps `GET`, `POST`, `PUT`/`PATCH`, and `DELETE` onto ORM `search_read`, `create`, `write`, and `unlink` via `@http.route` controllers
JSON payloads by default, with XML request/response support where a legacy or enterprise consumer requires it
Token / API-key authentication backed by a dedicated scoped integration user — no session cookies or master credentials in client code
Access control enforced natively through your existing `ir.model.access.csv` and `ir.rule` record rules, including multi-company isolation
Query support on `GET` collections: Odoo domain filtering, field selection (sparse fieldsets), `order` sorting, `limit`/`offset` pagination, and total-count headers
Consistent typed error envelopes with correct HTTP status codes (`400`, `401`, `403`, `404`, `409`, `422`) and machine-readable bodies
This is a build-to-order REST gateway that ECOSIRE designs and builds against your specific Odoo models and workflows. We add a routed controller layer (http.Controller with @http.route(..., type='json'|'http', auth='...')) that maps standard HTTP verbs onto Odoo ORM operations: GET for search_read with filtering, field selection, sorting and pagination; POST for create; PUT/PATCH for write; and DELETE for unlink. Requests and responses are served as JSON by default, with XML available where a legacy consumer requires it. Every endpoint sits behind a real authentication scheme — API-key or token headers backed by a dedicated integration user — so you are never passing raw session cookies or embedding master credentials in client code.
Security is enforced at the Odoo layer rather than bolted on. The gateway runs each request in the context of a scoped API user, so your existing ir.model.access.csv matrix and ir.rule record rules apply unchanged — an integration that should only see its own company's sale.order records physically cannot read another company's. We add per-key rate limiting, request/response logging for auditability, input validation against your model's field definitions, and consistent typed error envelopes (proper 400/401/403/404/409/422 status codes with machine-readable bodies) so consumers can handle failures deterministically. Computed fields (@api.depends), related fields, and Many2one/One2many/Many2many relations are serialized in a documented, stable shape, and we can expose custom action endpoints (e.g. "confirm this sale order", "validate this picking") that call your business methods instead of forcing clients to replicate workflow logic.
Because this is made to order, the build starts with a scoping call, not a download. We confirm exactly which models and fields are exposed, the auth model, versioning strategy, and which Odoo edition and version you run — the gateway is delivered for Odoo 17.0, 18.0, or 19.0, and we account for Community vs Enterprise differences (Enterprise-only models such as certain accounting or field-service objects are only exposed if your edition includes them). You receive installable source in a proper module with a clean __manifest__.py, we deploy it to your staging environment for UAT, then to production. Typical delivery is 2 to 4 weeks from confirmed scope.
Pricing starts from $249 (indicative, single-company base scope); the number of exposed models and custom action endpoints, multi-company record-rule isolation, XML alongside JSON, webhook/outbound callbacks, and OpenAPI documentation depth increase the quoted scope. You get a fixed quote after the scoping call — never a surprise invoice.
Runs a decoupled storefront or mobile app and needs Odoo to be the product, pricing, inventory, and order backend behind clean REST calls rather than RPC glue — with pagination, field selection, and predictable error handling.
Syncs Odoo with CRMs, WMS/3PL, marketplaces, or payment systems and wants a stable, versioned REST contract with token auth and per-key rate limits instead of maintaining bespoke `execute_kw` wrappers on every side.
Wires Odoo into iPaaS tools, spreadsheets, or internal dashboards and needs standard HTTP endpoints their non-Odoo developers can consume, with access strictly bounded by existing record rules.
Exposes a controlled slice of Odoo data to external customers or partners and requires audit logging, scoped API keys per tenant, and multi-company isolation enforced at the ORM level.
Buy the license on ecosire.com and download the Odoo REST API Gateway module ZIP from your account dashboard.
Extract the ZIP into your Odoo custom addons folder on the server (or upload via Apps > Install from file on Odoo.sh / runbot).
Activate Developer Mode, open Apps, click Update Apps List, search for Odoo REST API Gateway, and press Install.
Open the new menu, paste your ECOSIRE license key, connect any external credentials (Shopify, Amazon, Stripe, etc.), and save.
Run the built-in connection test, sync your first 10 records, and schedule the recurring cron. Contact support if anything fails.
| Criterion | ECOSIRE | Custom Build | Competitor | Odoo Native |
|---|---|---|---|---|
| API style | Resource-shaped REST: HTTP verbs on models | Whatever you build, if you have the time | Generic REST, fixed to its own conventions | |
| Authentication | Token/API-key via scoped integration user | Hand-rolled, quality varies | Built-in key auth, limited configurability | |
| Security model | Enforces your `ir.model.access` + record rules | Only as good as your implementation | Honors ORM rules but generic exposure | |
| Fit to your models | Scoped to your exact models and workflows | Fully custom, at full custom cost | One-size-fits-all, tune within its limits | |
| Custom action endpoints | Business methods exposed (confirm, validate, post) | Possible, more build effort | Rarely; CRUD-focused | |
| Errors & pagination | Typed status codes, `limit`/`offset`, counts | You design and maintain it | Standardized but inflexible | |
| Support & updates | Post-go-live window + quoted enhancements | Your team owns it forever | Vendor forum / ticket queue | |
| Ownership | Full source + git repo handover, no lock-in | You own it (you built it) | Licensed module, vendor-controlled |
This is build-to-order, not an instant download. After a scoping call to confirm the exact models, auth scheme, and Odoo version, typical delivery is 2 to 4 weeks from confirmed scope. Larger surfaces — many models, custom action endpoints, multi-company isolation, or webhooks — sit at the upper end of that range, and we give you a target date in writing before work starts.
Pricing starts from $249 as an indicative figure for a single-company base scope. The final number depends on how many models and custom endpoints you expose, whether you need XML alongside JSON, multi-company record-rule isolation, webhooks, and documentation depth. You get a fixed, written quote after the scoping call — the from-price is a starting point, not a firm all-in price.
Odoo's native `XML-RPC`/`JSON-RPC` endpoints are RPC-shaped — every call is a method invocation like `execute_kw` against a model, with login-based auth returning a numeric `uid`. This gateway gives you resource-shaped REST: real HTTP verbs mapped to `GET`/`POST`/`PUT`/`DELETE`, token auth, pagination, field selection, versioned URLs, and consistent typed error codes. It's built on the same ORM, so your security rules still apply, but it's far cleaner for external consumers.
No. The gateway runs each request as a dedicated scoped integration user, so your existing `ir.model.access.csv` access rights and `ir.rule` record rules are enforced unchanged, including multi-company isolation. Authentication uses API keys/tokens rather than session cookies or master credentials, and we add per-key rate limiting plus request logging so every call is auditable.
Every build includes a post-go-live support window for defect fixes and integration questions. Because you receive the full source and git repository, you own the code outright. When you upgrade Odoo (for example 18.0 to 19.0) or want new endpoints added, we offer a separately quoted maintenance or enhancement engagement — nothing is locked behind a subscription you can't leave.
We build for Odoo `17.0`, `18.0`, and `19.0`, on both Community and Enterprise. We confirm your edition during scoping because Enterprise-only models (certain accounting, field-service, or subscription objects) can only be exposed if your license includes them. The delivered module targets your specific version and is tested against it on staging before production.
Yes. Computed (`@api.depends`), related, and relational fields are serialized in a stable, documented shape. Beyond CRUD, we can expose custom action endpoints that call your own model methods — confirming a sale order, validating a picking, posting an invoice — so external clients trigger real Odoo workflows instead of trying to replicate business logic themselves.
A made-to-order REST layer that exposes your Odoo models over standard HTTP verbs (GET, POST, PUT, DELETE) with JSON or XML payloads, token authentication, and access-rule enforcement. ECOSIRE scopes, builds, installs, and supports it for your exact integration needs.